9/23/2010
03:35 PM
Dark Reading
Products and Releases

Application Security, Inc. Delivers Automated Database Audits With AppDetectivePro 7

AppDetectivePro 7 centralizes and automates existing audit procedures

NEW YORK – September 21, 2010 – Application Security, Inc., the leading provider of database security, risk and compliance solutions for the enterprise, today announced the release of AppDetectivePro™ 7 for auditors and IT advisors. The latest version of AppDetectivePro automates and streamlines the database audit process, providing enhanced contextual scanning and reporting capabilities that allow auditors to standardize their extensive processes.

With the AppDetectivePro Work Plan Manager, IT auditors, consultants, and assessors can now centralize and automate their existing audit procedures. The new capabilities significantly reduce the manual effort and man-hours necessary to analyze audit findings, and provide the ability to map audit control objectives to scan policies prior to running the scan. For organizations that require DIACAP compliance, AppDetectivePro 7 provides a built-in DISA-STIG (Defense Information Systems Agency Security Technical Implementation Guide) work plan framework that includes scan policies and questionnaire definitions for each database-specific version. This framework simplifies audits and reduces the time to compliance by consolidating all reporting requirements including CoBIT, COSO, and ISO 27002.

"We've removed the painstakingly slow method of manually uploading information from DBA interviews as part of the database assessment and audit process," said Josh Shaul, vice president, product management, AppSec. "With this release, we're delivering a level of automation not previously available by integrating automated and manual checks into a single process."

New AppDetectivePro 7 Capabilities:

* Work Plan Manager – Enables organizations to standardize the database audit process and control objectives, including the management of all questionnaires and scan policies.
* Questionnaire Editor – Allows users to pair business risk context with database scans. The questionnaire editor allows users to map control objectives to specific checks within their scan policies.
* Audit Findings Report – Delivers a comprehensive database audit report, providing consolidated results for a complete audit that includes manual interview answers and scan results.
* SHATTER Knowledgebase Update – Built upon the most comprehensive knowledgebase in the industry, AppDetectivePro provides built-in knowledgebase updates of vulnerability and configuration checks from Team SHATTER, the industry's preeminent database security research team.
* DISA-STIG Compliance – Provides a complete DISA-STIG Checklist Assessment, eliminating the need to run DISA's SRR's (Security Readiness Scripts), condensing all findings into one single report for maximum efficiency.
* Meets Regulatory Requirements – Meets compliance needs for regulations including HIPAA, SOX, FISMA, PCI-DSS, Mass 201 and more.

"Automating processes that are time-intensive is critical to successful IT audits," said Ilya Zherebetskiy, Senior Manager, Information Protection and Business Resiliency, KPMG. "Knowing that I can let an automated tool scan databases that map across multiple regulatory requirements dramatically improves the overall audit process, regardless of the scale or complexity of that database environment."

Auditors, IT advisors, and Federal Government OIGs have made AppDetectivePro their database scanning and vulnerability assessment solution of choice. Deployed in over 130 countries, AppDetectivePro has been used to assess hundreds of thousands of databases in every vertical market.

About Application Security, Inc.

AppSec is the leading provider of database security, risk and compliance (SRC) solutions for the enterprise. AppSec's agentless approach - AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise - delivers the industry's most scalable database SRC solution and is in use around the world in the most demanding environments by over 2,000 customers. The company was named to Inc. Magazine's 2007 (Inc. 500) and 2008 list of America's Fastest Growing Private Companies, and was also named to the 2008 Deloitte Technology Fast 50 by Deloitte & Touche.

For a free database vulnerability assessment visit: http://www.appsecinc.com/downloads/appdetectivepro/

For more information, please visit www.appsecinc.com.

Follow us on Twitter: www.twitter.com/appsecinc
